diff --git a/config/kustomize/base/resources/deployment.yaml b/config/kustomize/base/resources/deployment.yaml
index 71f4023..d29c4be 100644
--- a/config/kustomize/base/resources/deployment.yaml
+++ b/config/kustomize/base/resources/deployment.yaml
@@ -13,10 +13,17 @@ spec:
       labels:
         app: keycloak
     spec:
+      securitycontext:
+        allowPrivilegeEscalation: false
+        runAsNonRoot: true
+        capabilities:
+          drop: ["ALL"]
       containers:
       - 
         image: staged-harbor-01.smardigo.digital/smardigo/keycloak:14.0.0.1
         imagePullPolicy: IfNotPresent
+        securitycontext:
+          runAsUser: 2000
         ports:
         - name: app-port
           containerPort: 8080